% !TEX root = main.tex

\subsection{Drawbacks of the Evaluated MDS Methodologies}
\label{sec:criticism}

Criticisms quickly come out on the former group of \mds methodologies, which modeling and security analysis capabilities are based on profiling \UML, since the disadvantages are evident. 
First, profiling \UML limits the modeling capability for wide range security concerns: 
adapting them to new security concerns beyond their original designed target is difficult, if not even impossible \cite{sanchez:jucs-15-15}. 
For example, \emph{secureUML} works well on \rbac, but it is hard to model and reason about ``message-lost'' threat in mobile communication scenario.
Second, using general-purpose modeling languages like \UML hinders reusability, although it favors communication between models. 
However, adapting these profiles for new systems requires a huge effort for systems for which security is not well standardized \cite{JCISIMA:MA:MDS}.

To overcome the inherent drawbacks of profiling \UML, the generic security requirement metamodels and tailored \dsl{}s used both in \emph{ProSecO} and \emph{ModelSec} is a crucial evolution step.
Better, \textsl{ModelSec}'s idea of providing a common metamodel that deals with generic security aspects, that can be easily extended with new security concerns, is a promising approach. 
However, neither \emph{ProSecO} nor \emph{ModelSec} provides rigorous security analysis based on formal reasoning:
security analysis is a qualitative deduction in \emph{ProSecO} while in \emph{ModelSec} it is informally performed on security design model.
Furthermore, as the dashed rectangle represented in \fig \ref{fig:ProSecO}, \emph{ProSecO} even lacks of tool-supported code generation at present.

Regarding security concerns, most of the evaluated \mds methodologies, with the notable exception of \textsl{ModelSec}, target only a specific one, \ie concentrating on access control, confidentiality or threats. 
However, as the European Network and Information Security Agency stipulates, systems always deal with various aspects present altogether: 
security is ``\emph{the capacity of networks or information systems to resist unlawful or malicious accidents or actions that compromise 
the \emph{availability}, \emph{authenticity}, \emph{integrity} and \emph{confidentiality} of stored or transferred data with a certain level of confidence, 
as well as the services that are offered and made accessible by these networks} \cite{10.1007/978-3-8348-9283-6-8}''. 
Regarding the current \mds practice, one has to combine several approaches on the same system to reach this goal \cite{JCISIMA:MA:MDS}.

Regarding transformation aspect, no obvious evolution has been witnessed. 
However, we noticed that none of the evaluated \mds methodologies proposes to generate test artifacts at the last stage, when the full code for targeted platforms is generated. 
Testing the final code is important in our opinion to increase the confidence of the delivered system and to make sure the security concerns are enforced for reasonable usage scenario.

Traceability is rarely presented in our reviewed \mds methodologies, due to the difficulty we discussed in \sect \ref{sec:Y-Traceability}: 
\textsl{UMLsec} uses theorem-proving techniques on the level of the generated code for determining attack sequences violating the security requirements; 
and \textsl{ProSecO} only provides a qualitative analysis based on component dependencies. 
However, as we already stated, traceability is a desirable feature that would help engineers getting feedback on their development and helping them correct errors in all layers according to the Y-Model.

As a last and general remark, we would like to point out the fact that all these \mds methodologies are academic approaches, which need to gain maturity to fill the gap between theory and practice: 
some of them are prototypes illustrating theoretical concepts as part of a research project; 
most of them are implementations designed for a specific business domain, and/or a specific security concern \cite{JCISIMA:MA:MDS}. 